Written by Tampere University
We in the SafeHorizon project continuously monitor clear/deep/dark-web sources, not just for data breaches, but for the underlying infrastructure that powers Crime-as-a-Service (CaaS).
While last month we discussed the symptoms of CaaS (like SIM swaps), this month we’re focused on the disease: the industrial-scale tools that criminals rent.
A recent Europol operation shows exactly why this sector is the new frontline.
This month, a coordinated law enforcement action called “Operation SIMCARTEL” struck a major blow against the CaaS ecosystem. Led by Austria, Estonia, Finland, and Latvia, with support from Europol and Eurojust,
the operation dismantled a sophisticated CaaS platform. This platform sold access to over 1,200 SIM box devices, which controlled 40,000 active SIM cards.
These weren’t for data leaks; they were rented by other criminals to create nearly 50 million fraudulent online accounts, enabling thousands of phishing, investment, and social media fraud cases.
Five-minute mitigation (orgs & individuals)
- Move off SMS 2FA: This operation proves that SMS verification is a commercial target. Move all critical accounts (email, banking) to authenticator apps or hardware passkeys (FIDO2).
- Fight automated signups (Orgs): If you run a service, strengthen new-account velocity checks and bot detection. The 49 million fake accounts were created by automation.
- Trust no new “friend”: Be extra skeptical of new social media or messaging requests. They may be from automated accounts created by services like the one just taken down.
- Report all phishing: Even if you don’t fall for it, report phishing attempts to your provider.
References:
https://www.infosecurity-magazine.com/news/criminal-sim-card-supply-network
https://cisoseries.com/cybersecurity-news-europol-dismantles-sim-farm-envoy-air-compromised-everest-claims-collins-hack/
